hi kawng,

Yes.. am using this path "C:\Progra~1\CSCOpx\log\syslog.log" on the change storage option tab...

I can see log messages coming on the syslog.log file, but am not able to view using the standard reports..

hi kawng,

here are your answers:

does CASUSER have FULL CONTROL permissions?

Yes.. it has full control..

Is the SyslogAnalyzer process running?

Ans: the CMF syslog service is running... what else should i check to see that the sysloganalyser is running or not..

Was the location of the file ever changed?

Ans: wasnt changed at all.. right now, i had tried changing the file to a different one, called newsyslog.txt and i have changed the mapping on the regedit too.. now, i receive all the messages on this new file, but still not able to view the standard reports..

Has Syslog Standard Reports ever worked before?

havent checked that, because we are just now customizing the ciscoworks here...

Are all reports getting the same error? ie. 24 hr report, etc.

Ans: Interesting thing is that , only the standard report has this error.. even the "severity level report" comes up with some figures , like warnings- 8, debug -7 etc, but when i click on the warnings, to see the logs, it gives me an error...

One thing is that the ciscoworks server is behind a firewall and we have opened UDP 514 on the firewall. the syslog messages are successfully delivered to the ciscoworks server, but we arent able to retrive it locally.. so , i think there is no problem with the firewall in between.. can you confirm ?

Hi,

I've got a similar problem:

My Syslog was working fine for a long time.

I'm running RME 3.5 with IDU10.0 installed.

CiscoWoks installed into D:\CW2000 (not default) directory.

Two weeks ago I installed VMS IDS MC 2.0 update on my CW2000 machine (I know TAC would say it's not supported to run VMS Basic and RME on the same machine, but I need VMS to manage my single IDS and don't have a spare Windows server).

The upgrade included Windows 2000 Service Pack 4.

I noticed yesterday my RME Syslog Analyzer was not able to display any Syslog message.

I tried different windows (standard reports, 24-hour reports, device center) - no success.

It seems like there are no messages in syslog database (I've configured to clear the messages after 7 days).

The syslog.log file is being updated, the syslog.db file is present with today's date.

BUT looking to Syslog Collector Status I see all messages beeing considered "Invalid"!!!

I've found bug CSCdv50844 on CCO with "RME does not recognize syslog message after upgrade" description.

The bug status is Closed with no details.

Anybody could help?

Thanks,

Milan

Any hint in your daemons.log or dmgtd.log ?

Yes, I'm running VMS and RME on the same machine.

I was afraid of it but when I had installed VMS originally, everything worked fine.

The problem came with VMS MC upgrade form 1.2.3 to 2.0.

Thanks a lot for your advice, I'll try to find the another syslog process.

Regards,

Milan

Was it also necessary to reinstall RME?

BTW, I've got an info that the next VMS version (available Feb 2005) should be able to run on the same machine as RME.

Regards,

Milan

I did not have to reinstall RME. I just uninstalled all the applications that had to do with VMS and it began working correctly. Hope this helps. David

Thanks.

I'll try your way.

Regards,

Milan